Hotel Ariston

Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ARTICLES 13 AND 14 OF THE GDPR 2016/679

In compliance with the provisions of the GDPR 2016/679, hereby we inform you, as the "Data Subject", about the purposes of data collection and about the processing of personal data relating to your company/person, which have been obtained directly and/or indirectly from you, to enable us to carry out our activity according to the current provisions.
We hereby provide you with the correct information on the processing of personal data, as specified below, even with reference to the management of this website. This information is not provided for other websites visited by the user by links or other sharing tools, such as widget and applications which allow to connect and to share contents on social networks or platforms not related to www.coloradogrouphotels.com

The legal basis of the processing is constituted by the fulfillment of pre-contractual and/or contractual obligations.
With reference to the specific purposes referred to in the previous art. 2 lett. c., d., e., the legal basis of the processing is constituted by the specific consent given by you.

4. CATEGORIES OF PERSONAL DATA CONCERNED

Personal data processed are the following:

registry data of the Data Subject;

contact data of the Data Subject.

5. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA

Personal data may be communicated by us exclusively to the third parties indicated below:

accounting, tax, legal advisors;

computer technician for IT assistance;

debt recovery companies, only if necessary;

banking institutions;

public entities, judicial, financial and other institutions, if required by laws, regulations, European provisions;

Personal data may also be known by the staff specifically appointed by the Controller who may provides for the management of data, in relation to the purposes indicated above.
The specific identification data of the abovementioned third parties may be known by you at any time through the exercise of the right of access recognized to you and without prejudice to any legal limitations in this regard.
Personal data will not be disseminated.

6. AIM OF THE CONTROLLER TO TRANSFER PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONALORGANISATION

The Data Controller does not have the aim to transfer personal data to a third country or international organization.

7. THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED

Collected data will be stored as follows.

Necessary Data for the purpose of the pre-contractual relationship: for the time strictly necessary for the possible finalization of the contractual relationship and, in any case, for a period of time not exceeding 1 year from the collection.

Necessary Data for the fulfillment/management of the contractual relationship/requested services and performances: for the entire duration of the contractual relationship, for the time strictly necessary for the fulfillment of the requested services and performances and, in any case, for a further period of 10 years exceeding the termination of the relationship.

Accounting records, invoices and correspondence: 10 years, as established by law.

Necessary Data for credit recovery activity: up to completion of this activity.

Necessary Data for the management of any litigation: up to the definition of the dispute itself.

Necessary Data for marketing activities: for 10 years from the date of your consent to the processing for marketing purposes and, in any case, up to the revocation of the consent or the exercise of the right to object and to erasure of personal data.

Any longer period of conservation remains in the event that these derive from legal, accounting and/or tax obligations.
After the retention period, as described above, we will proceed to the entire elimination of data provided by you.

8. RIGHTS OF THE DATA SUBJECT

The GDPR 2016/679 acknowledges the following rights to the Data Subject:

Right of access – art. 15;

Right to rectification - art. 16;

Right to erasure (‘right to be forgotten’) - art. 17;

Right to restriction of processing - art. 18;

Right to data portability - art. 20;

Right to object – art. 21;

Right to automated individual decision-making – art. 22;

Right to withdraw the consent at any time without affecting of the lawfulness of processing based on consent before its withdrawal – art. 7;

Right to lodge a complaint with a supervisory authority – art. 77;

Right to an effective judicial remedy against a supervisory authority (art. 78) and against the Controller or processor (art. 79).

For the exercise of the abovementioned rights from a) to h) the Data Subject has to contact the Data Controller.

9. SOURCE FROM WHICH THE PERSONAL DATA ORIGINATE

Personal data may be collected as follows:

eventual direct collection by the Controller from public sources, such as Booking, Trivago etc.

10. LEGAL NATURE OF THE DATA COLLECTION

The provision of personal data by the Data Subject, even though unnecessary, is a contractual requirement for the fulfillment of the abovementioned purposes. In case of failing in providing such data the contractual obligation may not be fulfilled.
The provision of personal data for the specific purposes referred to in the previous art. 2 lett. c., d., e., is also unnecessary. You are free to choose not to provide any data or to withdraw afterwards the possibility to processing data; in this case you will not take any advantage of the above mentioned purposes.
It is up to the Data Subject to promptly notify the Data Controller of any changes concerning personal data.

11. AUTOMATED DECISION-MAKING, INCLUDING PROFILING

Collected data will not be subject to automated decision-making, including profiling.

12. THE DATA PROCESSING

Collected data will be processed as follows in compliance with the GDPR 2016/679 provisions:

the access to data and the files will be allowed to the processors and the external parties designated as responsible,

the protection and systematic monitoring of personal data through appropriate actions;

the data recording and processing through information systems or files or paper means and organization of paper and computer files;

the data management by pseudonymisation and anonymisation measures, if possible;

the review and change of personal data on a possible request from the customer/supplier/user.

In order to satisfy the expectation of the users, this website may have connections with other websites non directly managed by the Controller. There could be also connections to advertisers, sponsors or commercial partners. The website www.coloradogrouphotels.com and its responsible are not able to control third persons to whom such connections send. The access to other websites and the joining to initiatives of third persons are managed by their privacy policy administration. The Controller in any case is not liable for the above mentioned management of the privacy policy of third persons.